Function pfwl_dissect_L4

Function Documentation

pfwl_status_t pfwl_dissect_L4(pfwl_state_t *state, const unsigned char *pkt, size_t length, double timestamp, pfwl_dissection_info_t *dissection_info, pfwl_flow_info_private_t **flow_info_private)

Extracts from the packet the L4 information.

Return

The status of the identification process.

Parameters

  • state: The state of the library.

  • pkt: The pointer to the beginning of UDP or TCP header.

  • length: Length of the packet (from the beginning of the UDP or TCP header).

  • timestamp: The current time. The time unit depends on the timers used by the caller and can be set through the pfwl_set_timestamp_unit call. By default it is assumed that the timestamps unit is ‘seconds’.

  • dissection_info: The result of the dissection. Bytes of dissection_info.l4, dissection_info.l7 must be set to 0 before calling this call. Dissection information about L3 headers must be filled in by the caller. l4.protocol must be filled in by the caller as well. Dissection information about L4 headers will be filled in by this call.

  • flow_info_private: Will be filled by this library. *flow_info_private will point to the private information about the flow.